Supplier and Third Party Due Diligence | Affordability Assessment and Credit Checks | Employee Verification and Screening | Mortgage Conduct of Business MCOB | Template for FCA Applications and Authorised Firms

← Return to the Table of Content for all MCOB pages

Due Diligence Policy

1. Policy Statement

The Company are committed to ensuring that our client and customer interactions and business relationships are transparent, legal, suitable, relevant and safe (for the customer and the Company). Having effective due diligence controls and processes in place is essential to the functioning of our business and enables us to provide a compliant service and to ensure that we can minimise the risks of money laundering or terrorist financing within our organisation.

By carrying out due diligence checks and assessments on all employees, customers and business relationships, we aim to protect ourselves and our customers from the risks associated with financial crime, as well as ensuring the suitability and effectiveness of any products/services that we provide.

Our approach to due diligence is multi-tiered and in addition to our due diligence measures, we also assess organisational change and the implementation of any new system/process to ensure that we can mitigate risks and protect the interests of our customers.

2. Purpose

The purpose of this policy is to provide our intent, objectives and processes for due diligence and to provide our employees with structured guidance on completing assessments and our Know Your Customer processes. We are committed to providing only the highest level of service and product quality and therefore understand and respect our due diligence obligations which seek to protect and know those with whom we work.

Our due diligence program not only aims to ensure that we have safe and transparent business relationships, but that we are also compliant with the money laundering regulations and our regulatory obligations to know and verify who we form business relationships with, who our suppliers are and who we are employing. This policy is to be read in conjunction with the below policies and documents: –

• Due Diligence Checklist
• Due Diligence Questionnaires
• Recruitment, Selection & Induction Policy
• Risk Assessment Policy & Procedures
• Outsourcing Policy & Procedures
• Anti-Money Laundering Policy & Procedures
• AML Risk Assessment

3. Scope

The policy applies to all staff (meaning permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the Company in the UK or overseas) within the organisation and has been created to ensure that staff deal with the area that this policy relates to in accordance with legal, regulatory, contractual and business expectations and requirements.

4. What is Due Diligence?

Due diligence is the assessment, investigation and review of a product, service, business, individual or third-party. In accordance with our business type and regulatory obligations, the Company is committed to carrying out robust due diligence where any new relationship is formed, to protect both ourselves and the customer and to ensure that we comply with our money laundering obligations.

We utilise questionnaires to obtain, document and evidence the due diligence information collected and have separate questionnaires for: –

• Customer Due Diligence (individual or business)
• Supplier or Third-Party Due Diligence
• Employee Due Diligence (including contractors, agency staff etc)

We have developed processes and controls for these three areas that enable us to identify, verify and assess our services, the people and companies with who we develop business relationships and the customers we serve.

4.1 Customer Due Diligence (individuals and businesses)

The Company understands the importance of product/service suitability for each customer and respects that one size does not fit all.  When providing products/services to individual customers, we carry out strict and robust due diligence on each customer to assess their status, identity and suitability of the product/service in question. Effective due diligence controls also enable the Company to prevent or reduce the risk of being used for financial crime or terrorist financing.

We complete due diligence questionnaires for all individuals/businesses involved in any services, products or transactions offered by us, including: –

• Individual customers (i.e. separate due diligence forms & checks for instances where more than one person is involved in the service, such as purchasing a property, joint loans etc)
• An individual acting on behalf of the person(s) involved in the service/transaction (i.e. third-party, broker, carer, those with power of attorney etc)
• Beneficial Owners (where applicable)
• Politically Exposed Persons (PEP’s)
• Corporate Entities
• [Add/Delete as applicable to your business]

Our dedicated Due Diligence Questionnaires enable us to obtain, document and evidence detailed information about each customer, including verification of their identity or company structure/formation; purpose and intent for the business relationship; source of funds/wealth; transaction analysis and more. We are committed to ensuring that we comply with our money laundering obligations and understand the importance of adequate and effective due diligence at the start of any business relationship.

Carrying out thorough due diligence also enables us to identify high risk customers, including those with large, complex or unusual transactions, beneficial owners and politically exposed persons. In these cases, we are then able to conduct enhanced due diligence and conduct more frequent reviews of the customer and their transactions to protect both the Company and the individual.

4.2 Supplier & Third-Party Due Diligence

Businesses with whom we work are expected to maintain and uphold the same level of compliance, customer awareness and standards as we maintain and as such, to also have stringent due diligence and Know Your Customer controls and measures in place. Prior to forming any new business relationship with a supplier or contactor and on an annual basis thereafter, we carry out audits and verification processes to ensure that we know who we are working with and can guarantee their level of commitment, compliance and service.

4.3 Employee Due Diligence

The service that we provide is only as good as our employees, so our recruiting, selection and induction processes include several due diligence measures to ensure that we know who we are employing and gain references and evidence of background and skill level.

Evaluation areas for each candidate during recruitment includes: –

• Educational Background
• Experience
• Qualifications
• Presentation
• Match Person Specification Requirements
• Communication Skills
• Management/Leadership Skills (if applicable)
• Overall Impression

5. Objectives

The Company has set out the below objectives which it intends to meet in relation to our due diligence obligations. All staff are bound by these objectives and we ensure that frequent reviews and audits are carried out, ensuring that we remain compliant with any laws and regulations.

The Company ensures that: –

• Know Your Customer checks are completed prior to forming any new business relationship
• A Due Diligence Questionnaire is always completed and retained alongside supporting documents, checks and information
• We protect ourselves and our customers from risks and financial crime by carrying out due diligence checks on all associated businesses and individuals
• Evidence to support due diligence checks is always obtained during verification and retained for a period of 5 years after the cessation of the relationship
• Business relationships (e.g. suppliers, service providers, lead generators etc) are reassessed on an annual basis and audited for ongoing compliance, adherence to the SLA requirements and consistence of quality
• All employees are subject to due diligence and background checks during the recruitment stage and on an annual review basis
• To carry out ‘Enhanced Due Diligence’ on certain individuals or business that we deem to be of a higher risk in relation to financial crime. High risk categories include (but are not limited to): –

• • Politically Exposed Person’s (PEP’s)
  • Relatives and/or close associates of PEPs
  • Beneficial Owners
  • High-net Worth Individual/s
  • Customers with large and/or complex transactions
  • Unusual transactions or unusual patterns
  • Entities registered in Countries classified as High Risk by FATF
  • Unregistered Organisations

6. Due Diligence Processes

The Company have developed bespoke Due Diligence Questionnaires to meet the requirements of the type of relationship being formed. We have created individual questionnaires as questioned asked and answered by an individual customer can vary from those responded to by a corporate entity or in the capacity of a supplier.

We therefore have 4 defined Due Diligence Questionnaires: –

• Individual Customer Due Diligence Questionnaire – used where the relationship/product/service is being offered to one or more individuals in a non-commercial capacity (i.e. residential sales; mortgage broker; lender; asset management; letting agent etc)
• Business Customer Due Diligence Questionnaire – used where the product/service is being offered to a corporate entity (corporate buy to let; business loan etc)
• Supplier/Business Relationship Due Diligence Questionnaire – used for suppliers or partnership business relationships made by/with the Company and where no products/services are involved. This is to validate the business/supplier offering the service and verifying their identity to reduce risks and protect the Company and its customers (i.e. security provider; IT services; cleaning services etc)
• Employee Due Diligence Questionnaire – used for new starters or annual review due diligence checks on existing employees (including contractors, agency staff or temps). This questionnaire is completed to verify the identity of each employee, to research previous employment and qualifications and to complete background, financial and CRB searches

Our questionnaires also contain enhanced due diligence questions that are only completed where EDD is required owing to the status or risk level of the customer (or the role in the case of employees). In most cases our EDD process is to obtain additional supporting information and document evidence for identity, purpose/intent for relationship/transaction, source of funds (where applicable) etc.

[The 4 due diligence questionnaires included in your pack have been developed to include standard verification and identity check questions but should be customised to suit your business type and the customer/business being assessed.]

6.1 Individual Customer Due Diligence Process

The Company ensures that when we work with individual customers or they intend to use our products/services, we undertake extensive due diligence checks to meet our money laundering requirements and also to ensure that any products/services are suitable and affordable for each customer.

We utilise our bespoke due diligence questionnaire and checklist when completing due diligence assessments to ensure that all areas are covered, and we are able to evidence the checks and assessments if required. Our individual customer due diligence measures in this area include: –

Identity Verification

For individuals, we verify the customers identity prior to forming any professional relationship. This includes: –

• Copy of Passport or Photo Card Drivers Licence (or other government issued document)
• Proof of Residential Address (dated within last 3 months)
• Completed Individual Due Diligence Questionnaire
• Background Verification Checks (including Electoral Register searches, Credit Checks, References etc)
• Wage slips and/or proof of employment and income & I&E form (where applicable)
• [Add/delete as applicable]

Affordability Assessment (where applicable)

For certain services/products, we are required by law to ensure that a customer can afford to make repayments in relation to those product/services. Where this is the case, our standard due diligence checks include an assessment of the customer’s income, expenditure and other creditor commitments, which are used alongside evidence of income (wage slips, benefits etc), to obtain their monthly disposable income. We then use this figure to ascertain if they can afford any repayments.

Credit Checks

We use [Experian/Equifax/CallCredit] to assess the customers’ current credit status and score and obtain information about any outstanding County Court Judgments, Bankruptcy Orders or IVA’s. We also assess their current financial obligations and any defaults on their account.

Completed Paperwork

We complete a standard due diligence questionnaire for all new customers which enables us to document all of the relevant information about the customer and retain alongside supporting documents.

Where our business type requires us to have specific forms or documents completed/signed by the customer, these are sent to the customer and completion requested.

Other Measures and Checks

[You should document here any additional checks, forms, obligations or measures that form part of your due diligence process. These are usually business specific and can include documents such as: –

• Proof for source of funds for residential property sales
• Bank statements
• References (i.e. employment, landlord etc)]

The Company requires verifiable details and evidence to include documents and/or information obtained from a reliable source which is independent of the person whose identity is being verified. In accordance with MLR17, we consider documents issued or made available by an official body to be regarded as being independent of a person even if they are provided or made available to the relevant person by or on behalf of that person.

We designate information as being obtained from a reliable source where it is obtained by means of an electronic identification process (including by using electronic identification means or by using a trust service), and where the process is secure from fraud and misuse and the issuer is capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.

6.2 Business Customer Due Diligence

When forming a business relationship (either in a commercial customer capacity or in relation to business supplier/partnership contracts), the Company recognises its obligations to carry out due diligence checks on the company itself as well as any Owner/Director. We are committed to preventing money laundering and terrorist financing and understand that having robust Know Your Customer controls and processes in place is essential for minimising risk.

We view Know Your Customer functions as part of the process for investigating and verifying the identity, reputation and status of any business with who we intend to form a relationship. We also utilise risk assessment controls and procedures for reducing the risk of and preventing financial crime (view our AML Policy & Procedure for more information) and during any outsourcing functions (view our Outsourcing & Supplier Policy & Procedures for more information).

6.3 Discrepancies in Registers

Under the MLR17 (2019 amendments), the Company recognises the requirement to report discrepancies in registers before establishing a business relationship with: –

• a company which is subject to the requirements of Part 21A of the Companies Act 2006
• an unregistered company which is subject to the requirements of the Unregistered Companies Regulations 2009
• a limited liability partnership which is subject to the requirements of the Limited Liability Partnerships (Application of Companies Act 2006) Regulations 2009, or
• an eligible Scottish partnership which is subject to the requirements of the Scottish Partnerships (Register of People with Significant Control) Regulations 2017

The Company obtains proof of registration (or an excerpt of the register) from the company/partnership and retains the evidence on file along with the due diligence questionnaire. The details provided from the register are cross-referenced with those obtained during our due diligence and identity verification process, with any discrepancies being reported Companies House.

7. Know Your Customer Controls

KYC controls are designed to prevent banks and other susceptible financial organisations from being used, intentionally or unintentionally, by criminal elements for money laundering activities. Such controls will also help a firm to understand their clients and customers and protect themselves from external risks. The Company’s KYC controls include: –

[ADD/DELETE YOUR CONTROLS AS APPLICABLE]

• Collection and analyse basic identity information (using the Due Diligence questionnaire form)
• Obtain evidence to support an Individual’s Identity:
  • Passport or Photo Card Drivers Licence (or other government issued document)
  • Proof of Residential Address (dated within last 3 months)
• Obtain evidence documents to support a Legal Entity:
  • Full Legal Name & Certificate of Incorporation
  • Registered office in country of incorporation and business address
• Use ID and gathered information to carry out background checks with reputable source, to include:
  • Background check
  • Credit Check
  • ID Check
  • Address Confirmation
  • Trading Status (if business)
• Review individual/business name (and/or business type/location) against known parties list (e.g. high level, enhanced, politically exposed person etc)
• Identifying the beneficial owner, and taking reasonable measures to verify the identity of
• the beneficial owner such that we are satisfied that we know who the beneficial owner is
• Identifying whether the customer/ beneficial owner is a legal person, trust, company, foundation or similar legal arrangement and take reasonable measures to understand the ownership and control structure of that legal person, trust, company, foundation or similar legal arrangement
• Assessment of risk to business based on internal risk assessment matrix and controls
• Obtain information on the purpose and intended nature of the business relationship
• Initial and ongoing monitoring and reviews on the business relationship and of the customer’s transactions against expected behaviour
• Recording of all due diligence information and ongoing transactions
• [Add/delete as applicable]

8. Enhanced Due Diligence

Enhanced Due Diligence (EDD) is sometimes needed for higher risk customers/business relationships who present increased exposure and/or a higher threat with regard to money laundering or terrorist financing risks. Below are some of the factors we consider in performing enhanced due diligence and assessing the level of risk the company may be exposed to. The Company consider the below circumstances to require EDD: –

• Where an individual or legal identity has been, risk assessed and scored as presenting a higher risk in terms of money laundering or terrorist financing
• Where any obtained due diligence document or response is not conclusive in either proving an identity, or registered/residential address
• Where the customer has not been physically present for identification purposes or in the case of legal entities, where a physical site visit has not taken place
• Where the individual or legal entity is from a non- European Economic Area (EEA) state
• where the customer or potential customer is a PEP, or a family member or known close associate of a PEP
• in any business relationship with a person established in a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country
• in relation to correspondent relationships with a credit institution or a financial institution
• where a customer has provided false or stolen identification documentation or information and the Company proposes to continue to deal with that customer
• in any case where: –
  • a transaction is complex and unusually large
  • there is an unusual pattern of transactions, or
  • the transaction or transactions have no apparent economic or legal purpose
• in any other case which by its nature can present a higher risk of money laundering or terrorist financing
• [Add/delete as applicable]

Those who we assess as requiring enhanced due diligence (EDD) checks are flagged and monitored on a [weekly/monthly/quarterly] basis and we carry out due diligence checks and reassessments on a quarterly basis as oppose to our usually annual checks. Additional background checks on financial status, trading history, criminal checks and status are performed and enhanced assessments that our standard customer due diligence does not cover.

Such additional due diligence can include (but are not limited to): –

• Obtaining source of funds/wealth
• Scrutinising an individual’s position or employment
• Due diligence on family members and close known associated
• Geographical implications
• Transaction history
• Enhanced referencing and additional information on previous, existing and intended business relationships
• obtaining information on the reasons for the transactions
• obtaining the approval of senior management for establishing or continuing the business relationship
• conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied and selecting patterns of transactions that need further examination

We employ a risk-based approach when assessing for enhanced due diligence and require additional supporting documents to verify any individual and/or company. Such additional EDD requests include (but are not limited to): –

• Articles of association
• Multiple sources for proof of identity
• Previous address/employment history
• Names and addresses of suppliers or business contacts
• Source of funds
• Income and expenditure evidence
• Family and close associate details
• Source of wealth (i.e. property sales, inheritance, assets etc)
• Onsite visits and physical audits
• Transaction monitoring
• Increased due diligence and background checks throughout business relationship
• [Add/delete as applicable]

9. Existing Customer Due Diligence

In addition to our standard new business relationship due diligence measures. We also carry out standard due diligence measures: –

• when we have any legal duty in the course of the calendar year to contact an existing customer for the purpose of reviewing any information which: –
• is relevant to the Company’s risk assessment for that customer, and
• relates to the beneficial ownership of the customer, including information which enables the Company to understand the ownership or control structure of a legal person, trust, foundation or similar arrangement who is the beneficial owner of the customer
• when the Company must contact an existing customer in order to fulfil any duty under the International Tax Compliance Regulations 2015(1)
• at other appropriate times to existing customers on a risk-based approach
• when the Company becomes aware that the circumstances of an existing customer relevant to its risk assessment for that customer have changed

When determining if it is appropriate to take customer due diligence measures in relation to existing customers, the Company always considers: –

• any indication that the identity of the customer, or of the customer’s beneficial owner, has changed
• any transactions which are not reasonably consistent with the Company’s knowledge of the customer
• any change in the purpose or intended nature of the Company’s relationship with the customer
• any other matter which might affect the Company’s assessment of the money laundering or terrorist financing risk in relation to the customer

10. Employee Verification and Screening

We carry out extensive due diligence checks and screening of employees and agents, both before the appointment is made and at regular intervals during the employment/appointment.

Background and CRB checks are carried out as standard along with specific skills screening assessment of: –

• the skills, knowledge and expertise of the individual to carry out their functions effectively
• the conduct and integrity of the individual
• an understanding of the identification or mitigation of the risks of money laundering and terrorist financing as applicable to our business
• knowledge and skills to ensure prevention or detection of money laundering and terrorist financing as applicable to our business

11. Due Diligence Checklist & Questionnaires

The Company has developed an extensive Due Diligence checklist and dedicated questionnaires for each type of customer or business relationship so that they information obtained is relevant to the customers type and status. The checklist is used to review our processes around due diligence and to ensure that we are complying with all relevant obligations, laws, regulations and guidelines.

The checklist is completed on an annual basis for audit and review purposes and is also completed where new business relationships or supplier relationships are formed. The completed checklists are retained for 5 years from the cessation of the business relationship. The checklist is also used by the [Compliance Officer/Senior Manager] to complete compliance reviews on high risk customers and service providers in conjunction with physical audit visits and reports.

All third parties with whom we form a business relationship are required to complete our Supplier Due Diligence Questionnaire with background and trading information, along with full supporting documents and background checks. We review and process such audits on an annual basis to ensure that all held information is valid and up to date and these records are retained for 6 years after the business relationship has dissolved.

12. Responsibilities

The Company ensures that all employees are provided with the time, training and support to learn, understand and implement this Due Diligence Policy along with our Due Diligence Checklist template and any Know Your Customer controls applicable to roles and business functions.

Where any new due diligence functions or processes are developed or utilised, all staff will be made aware of the changes and provided with an opportunity for feedback to ensure full understanding and compliance.

[NOTE: Carrying out due diligence suitable to your business type will involve bespoke processes and areas which must be added to this document. Where you already have working due diligence measures, controls and procedures in place, ensure that they are inserted above.]